Skip to content

stackbox-dev/claude-pr-reviewer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github/workflows
.github/workflows
 
 
examples
examples
 
 
LICENSE
LICENSE
 
 
README.ja.md
README.ja.md
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

Claude PR Reviewer

GitHub Marketplace GitHub release License: MIT

日本語

A GitHub Action for automated PR reviews using Claude AI. It leverages the pr-review-toolkit plugin to provide comprehensive code reviews.

Features

  • Code Quality Check: Review coding style and best practices
  • Test Coverage Analysis: Evaluate test completeness and quality
  • Error Handling Detection: Identify silent errors and improper error handling
  • Type Design Analysis: Assess type definition quality and encapsulation
  • Comment Accuracy Verification: Check consistency between code comments and implementation
  • Interactive Review: Mention @claude in PR comments to request additional reviews or ask questions

Prerequisites

Before using this action, you need to set up Claude Code GitHub Actions. See the official documentation for details.

Quick Setup (Recommended)

Run the following command in Claude Code terminal:

/install-github-app

Manual Setup

  1. Install the GitHub App: https://github.com/apps/claude
  2. Add API key to repository secrets (see Authentication Setup)

Usage

Basic Workflow (OAuth Token)

name: Claude PR Review

on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write
  issues: write
  id-token: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: drillan/claude-pr-reviewer@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Basic Workflow (API Key)

name: Claude PR Review

on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: drillan/claude-pr-reviewer@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

Interactive Review with @claude Mention

name: Claude PR Review

on:
  pull_request:
    types: [opened, synchronize]
  issue_comment:
    types: [created]

permissions:
  contents: read
  pull-requests: write
  issues: write
  id-token: write

jobs:
  review:
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'pull_request' ||
      (github.event_name == 'issue_comment' &&
       github.event.issue.pull_request &&
       contains(github.event.comment.body, '@claude') &&
       github.event.comment.user.type != 'Bot')
    steps:
      - uses: drillan/claude-pr-reviewer@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Input Parameters

Parameter Required Default Description
claude_code_oauth_token No* - Claude Code OAuth token
anthropic_api_key No* - Anthropic API key
anthropic_model No claude-opus-4-5-20251101 Claude model to use
anthropic_base_url No - Anthropic API base URL. Set to route requests through your own gateway (e.g. https://gateway.example.com); leave empty to use the default Anthropic endpoint
review_language No English Language for review comments
custom_prompt No - Additional custom instructions
pr_number No - PR number to review (required for workflow_dispatch; auto-detected for pull_request and issue_comment events)
allowed_tools No (see below) Tools allowed for Claude
claude_args No - Additional arguments to pass to Claude Code (e.g. --verbose, --max-turns 10)
show_full_output No false Log Claude Code's full JSON output (all messages and tool results) to the Actions log for debugging. See warning below
claude_md_inject No - Space-separated list of files to append to CLAUDE.md before the review runs. Files that do not exist are silently skipped

* Either claude_code_oauth_token or anthropic_api_key is required. If both are provided, claude_code_oauth_token takes precedence.

Available Models

Model Model ID Characteristics
Claude Opus 4.5 claude-opus-4-5-20251101 Highest quality (default)
Claude Sonnet 4.5 claude-sonnet-4-5-20250929 Fast and balanced
Claude Haiku 4.5 claude-haiku-4-5-20251001 Fastest and lowest cost

Default allowed_tools

Bash(gh pr comment:*),Bash(gh pr review:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read,Grep,Glob

Authentication Setup

Two authentication methods are available:

Option 1: Claude Code OAuth Token (Recommended)

  1. Visit Claude Code
  2. Obtain an OAuth token
  3. Add to GitHub Secrets:
    • Go to repository Settings > Secrets and variables > Actions
    • Click "New repository secret"
    • Name: CLAUDE_CODE_OAUTH_TOKEN
    • Value: Your OAuth token
- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

Option 2: Anthropic API Key

  1. Visit Anthropic Console
  2. Obtain an API key
  3. Add to GitHub Secrets:
    • Go to repository Settings > Secrets and variables > Actions
    • Click "New repository secret"
    • Name: ANTHROPIC_API_KEY
    • Value: Your API key
- uses: drillan/claude-pr-reviewer@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

Customization Examples

Review in Japanese

- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    review_language: Japanese

Use Faster Model

- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    anthropic_model: claude-haiku-4-5-20251001

Add Custom Prompt

- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    custom_prompt: |
      Pay special attention to security aspects.
      Also evaluate performance implications.

Debug the Review Run

Set show_full_output: true to stream Claude Code's full JSON output — every assistant message and tool execution result — into the GitHub Actions log. This is useful for debugging what the pr-review-toolkit plugin is doing on each turn.

- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    show_full_output: true

Warning

show_full_output logs all Claude messages, including tool execution results, which may contain secrets, API keys, or other sensitive information. Anyone who can read the workflow logs (including the public on open-source repositories) can see this output. Enable it only for temporary debugging, and keep the default (false) for normal runs.

Inject Custom Review Instructions

Use claude_md_inject to append project-specific review guidelines from files in your repo into CLAUDE.md before the review runs. Files that do not exist are silently skipped.

- uses: drillan/claude-pr-reviewer@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    claude_md_inject: .github/review-guidelines.md .github/CODE_REVIEW.md

Avoid Repeated Reviews

By default, reviews are triggered on every push (synchronize event). To review only on PR creation and re-review on demand via @claude mention:

on:
  pull_request:
    types: [opened]  # Remove synchronize
  issue_comment:
    types: [created]

Required Permissions

Add the following permissions to your workflow:

permissions:
  contents: read        # Read repository contents
  pull-requests: write  # Post comments on PRs
  issues: write         # Issue comments (for @claude mentions)
  id-token: write       # OIDC authentication

License

MIT License

About

No description or website provided.

Topics

squad-devops

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors